A Tabletop As Big As the World
Wendy Nather
NorthSec 2025 · Day 2 · Ville-Marie
Wendy Nather, one of the most experienced incident response practitioners in the field, uses the NorthSec 2025 closing keynote to argue that tabletop exercises are systematically underdesigned — too narrow in scope, too polite in scenario construction, and too rarely stress-tested against the real conditions of a bad day. Drawing from decades of incident work, corporate security leadership, and large-scale multi-stakeholder exercises including geopolitical simulations, she delivers a dense, practical framework for making tabletops actually useful. ---
AI review
Wendy Nather uses the closing keynote to deliver a practical framework for designing tabletop exercises that actually stress-test assumptions rather than confirm existing plans. Key contributions: the logging-gap section (illustrated by a real 6-week AWS log retrieval delay during an active breach), the 'remove the key decision-maker' technique, role-specific vs. generic training research from Cyentia, and lessons from geopolitical-scale multi-disciplinary exercises.